As you may be aware, versions of the TLS protocol below 1.2 are considered insecure due to exploits and the majority of the industry has already moved to support TLS 1.2+ only in most environments, which resolves security vulnerabilities found in previous versions of TLS. As part of our ongoing commitment to secure communications, IBM will begin supporting TLS 1.2+ only on April 1, 2019.

These devices will continue to receive simple pushes as long as their push tokens remain the same, but will lose that ability if their push token changes, since they will be unable to report the change back to IBM WCA. All connections from devices that do not support TLS 1.2+ to the WCA pod specified in the baseURL will fail.

What WCA Client actions are required?

iOS Actions

iOS application providers have one option: your users will need to upgrade to iOS 9 or higher. Apple has not provided any other workarounds.

Note: If you have set NSAppTransportSecurity to something other than the default values in your app’s Info.plist, you must make sure TLSv1.2 is supported.

Android Actions

Android application providers have three options for older devices.

Option 1: Migrate to Android WCA SDK 3.7.1.2.9 or higher.

IBM has added code to patch the Android security provider in the WCA SDK. Any users of the SDK who also have Google Play Services 5.0 or higher will automatically support TLS 1.2 if they are using WCA SDK 3.7.1.2.9 or higher.

In other words, if you have WCA SDK 3.7.1.2.9 or higher, you don’t have to do anything. Your app will use TLS 1.2 when connecting via HttpUrlConnection.

If you choose this option, your users will need time to migrate to your new app release.

All versions of Android 5.0 and higher (API 21) support TLS 1.2 and it is enabled by default. If you do not intend to support earlier APIs, dropping support for older platforms is an option.

If you choose this option, you may have users who choose not to upgrade, or who are unable to upgrade. If you have code which prevents users from running your app on unsupported platforms, you may want to use that to force an upgrade or uninstall.

Support for TLS 1.3 and beyond

The industry moves very rapidly on security matters. IBM is dedicated to maintaining high security, and as such we are already actively planning for the upcoming TLS 1.3. We will update our clients accordingly as these updates approach.

For additional information or to answer further questions, please open a WCA support case.